﻿@using Seal.Model;
@{
    SecurityProvider provider = Model;

    //Parameters for this provider
    provider.Parameters.Add(new SecurityParameter() { Name = "add_windows_groups", BoolValue = false, DisplayName = "Add security groups matching Windows groups", Description = "If true, the user will belong to the security groups having the name of his Windows groups." });
    provider.Parameters.Add(new SecurityParameter() { Name = "windows_groups_skip_domain", BoolValue = true, DisplayName = "Groups matching: Skip domain name", Description = "If true, the Windows-Security groups matching is done without the domain name." });
    provider.Parameters.Add(new SecurityParameter() { Name = "windows_groups_ad_context", Value = "", DisplayName = "Groups matching: Method used to get the Windows groups", Enums = new string[] { "", "Machine", "Domain", "ApplicationDirectory" }, Description = "Select the context type used to get the Windows Groups. If empty, Windows Identity is used instead of Active Directory." });
    
    provider.Script = @"@using System.Net;
@using System.DirectoryServices;
@using System.DirectoryServices.AccountManagement;
@using System.Security.Principal;
@{
    SecurityUser user = Model;
	//Integrated Windows authentication: check IPrincipal and set name and groups...
	//IIS Authentication must be configured with Windows Authentication enabled, Anonymous Authentication disabled
	//user.WebPrincipal -> may be used for integrated windows authentication

    if (user.WebPrincipal != null && user.WebPrincipal.Identity.IsAuthenticated) 
    {
        user.Name = user.WebPrincipal.Identity.Name;
        user.WebUserName = user.WebPrincipal.Identity.Name;
		//user.PersonalFolderName -> may be set to define the personal folder name
		if (user.Security.GetBoolValue(""add_windows_groups""))
		{
			user.AddWindowsGroupToSecurityGroup(user.Security.GetBoolValue(""windows_groups_skip_domain""), user.Security.GetValue(""windows_groups_ad_context""));
		}
		else 
		{
			user.AddDefaultSecurityGroup();
		}
		
        //User name may be changed from UserPrincipal
        //if (user.UserPrincipal != null) {
        //    user.WebUserName = user.UserPrincipal.Name;
        //}
        //Or get display name from another AD
        //using (var ctx = new PrincipalContext(ContextType.Domain, ""yourdomain"")) {
        //    var adUser = UserPrincipal.FindByIdentity(ctx, user.Name);
        //    if (adUser != null) {
        //        user.WebUserName = adUser.DisplayName;                   
        //    }
        //}

		if (user.SecurityGroups.Count == 0)		
		{
			user.Error = ""The user is authenticated but he does not belong to any security group."";
            var log = user.Error + ""\r\nWindows Groups from Windows Identity:\r\n"";
            var identity = user.Identity;
            if (user.WebPrincipal != null) { identity = user.WebPrincipal.Identity as System.Security.Principal.WindowsIdentity; }
            if (identity != null)
            {
                foreach (var group in identity.Groups.OrderBy(i => i.Translate(typeof(System.Security.Principal.NTAccount)).ToString()))
                {
                    log += group.Translate(typeof(System.Security.Principal.NTAccount)).ToString() + ""\r\n"";
                }
            }
            log += ""\r\nWindows Groups from AD:\r\n"";
            if (user.UserPrincipal != null)
            {
                foreach (var p in user.UserPrincipal.GetAuthorizationGroups().OrderBy(i => i.Name))
                {
                    log += p.Name + ""\r\n"";
                }
            }
            Helper.WriteLogEntry(""Web Report Server"", System.Diagnostics.EventLogEntryType.Warning, log);            
		}
		
		//if not null, user.UserPrincipal contains all information got from the Active Directory (System.DirectoryServices.AccountManagement.UserPrincipal)
		//var ADName = user.UserPrincipal.Name; 

        //User default culture, theme and logo can be also overwritten with
        //user.SetDefaultCulture(group.Culture);
        //user.SetDefaultLogoName(group.LogoName);  
    }
    else 
    {
        user.Error = ""The user is not authenticated by Windows. Check that IIS Authentication is configured with Windows Authentication enabled and Anonymous Authentication disabled..."";        
    }
}";
}
